[tbb-bugs] #13252 [Tor Browser]: Tor Browser on OS X should not store data into the application bundle

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 16 19:59:22 UTC 2015 

#13252: Tor Browser on OS X should not store data into the application bundle
-------------------------+--------------------------
 Reporter:  torosx       |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:  #6540        |         Points:
  Sponsor:               |
-------------------------+--------------------------

Comment (by mcs):

 Replying to [comment:4 mikeperry]:
 > mcs+brade: This seems like something you might be able to help with,
 since you reorganized our Mac bundles before? I can get you a Mac
 "developer" certificate if you give me a CSR using those jenkins
 instructions, if you need that. (Though tbh, I don't get what the
 difference is between the developer certs and the app store certs.. if
 there is no difference from our users' point of view, maybe we should find
 another way to test this.. Do we even need to involve Apple's official
 cert process at all to get past these errors?)

 Kathy and I will take a  look. I think what we ultimately want for signing
 is a Production "Developer ID" certificate, not an App Store one. There
 are also "Mac Development" certificates that should work for testing the
 build process but presumably are not suitable for distribution of the .app
 bundle to end-users. Kathy and I should be able to generate certs for
 testing because we have access to an Apple Developer account (we use it
 for some iOS work and Apple merged all of their programs together, so in
 theory we can create certs for Mac apps also).

 But the showstopper issue with the Tor Browser bundle structure is going
 to be the Tor and browser profile data that we store inside the bundle. I
 am almost certain that we will need to move all files that may change out
 of the .app bundle. Maybe we will have to ship a folder that contains a
 TorBrowser folder as well as TorBrowser.app (instead of having everything
 inside TorBrowser.app as we do today). Assuming that works with
 Gatekeeper, we then have the problem that users can break things by moving
 one folder without the other :(

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13252#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list